🤖 AI Summary
This study demonstrates that adversaries can exploit ArduPilot’s sensitivity to parameter changes by issuing short sequences of legitimate MAVLink commands to covertly manipulate PID gains, EKF configurations, and failsafe mechanisms across multiple control layers, thereby steering the drone into unsafe states. Through software-in-the-loop (SITL) simulations and experiments on the Pixhawk 2.4.8 hardware platform, the work provides the first systematic evidence that combining authorized commands with logical vulnerabilities in control logic can critically degrade attitude stability, angular rate response, trajectory tracking accuracy, and state estimation integrity—ultimately leading to loss of control or crash. These findings expose critical security blind spots in flight controller implementations concerning parameter handling and state validation.
📝 Abstract
This paper investigates control-aware attacks against ArduPilot-based Unmanned Aerial Vehicles (UAVs), inwhich an adversary exploits the sensitivity of flight-controller dynamics to parameter changes to cause loss of control and crashes. It describes six attacks that exploit interactions among multi-layer controllers by modifying Proportional-Integral-Derivative (PID) gains, altering Extended Kalman Filter (EKF) estimation configuration, and violating failsafe assumptions, thereby forcing ArduPilot into unsafe operating conditions. We evaluate the attacks in Software-in-the-Loop (SITL) simulation and validate them on a Pixhawk 2.4.8 hardware platform. The results show that short sequences of well-formed MAVLink messages can exploit controller sensitivity to parameter values and updates frequency, affecting controller states and degrading attitude stability, angular-rate behavior, trajectory tracking, and estimator health. We demonstrate that when multiple effects are combined, the vehicle can enter an unsafe state and crashes. These findings show that security gaps in input-parameter handling, command trust, and controller-state validation can be exploited to cause loss of control and crashes in UAVs.